By W.J. Hennigan
LOS ANGELES TIMES • Monday April 23, 2012 5:21 AM

LOS ANGELES — Most weekdays, Jarrad Sims and Tin Tam, a pair of college buddies, ride their
bikes to a computer center and try to hack into computer security systems belonging to Boeing
Co.

Boeing is paying them to do it — a situation that the friends have pronounced “awesome.”

For two years, the young engineers have worked in a secluded unit where they design and test
ironclad security systems for the largest aerospace company in the world. Boeing’s systems need to
be capable of staving off hackers and keeping safe some of the nation’s most prized intellectual
property.

Sims, 25, and Tam, 24, spend much of their days devising, revising and analyzing complicated
security programs that they then attempt to crack.

The pair from California State University-Pomona were hired after they aced a cyber-security
competition held by Boeing.

As computer threats become more coordinated and complex, Boeing and other defense contractors
are bolstering their cyber-security staffs. Increasingly, they are turning to unlikely characters
like Sims and Tam.

“As long as there are computers, there will be somebody trying to attack them,” Sims said.

The damage from hackers to consumers is well known, but the potential for corporate sabotage is
far greater, and the need for cyber-sleuths is huge and growing.

Those workers need access to the Internet. Although that access enables employees to get the
information they need to do their jobs, it also opens a door for hackers to sneak through.

It’s not just monolithic corporations at risk. Even small businesses are liable for lost or
stolen data, said Scott Hauge, president of Small Business California, a small-business advocacy
group.

“I recently had a client who owns a restaurant where credit-card information got released to the
public,” he said. “As a result, MasterCard is looking to collect $200,000 in fines, and he also is
looking at numerous credit-card holders bringing action against him.”

Such liability has driven demand for cyber-security expertise, said Richard A. Clarke, a former
chief counterterrorism adviser for the National Security Council and author of Cyber War.

“There’s an arms race in cyber right now,” he said. “And the talent isn’t just found at the MITs
or Stanfords anymore. It’s a whole new skill set.”

A generation ago, the brightest engineers in the aerospace industry were typically recruited
from Ivy League universities and other prestigious institutions.

Now defense contractors are broadening the hiring pool as they hunt for savvy young computer
whizzes at local colleges.

Lynn A. Dugle, Raytheon Co.’s president of intelligence-information-systems businesses, said
last year at a conference that her company’s most impressive cyber-security hires have come from
outside of traditional recruiting outlets.

One recruit was a man who didn’t have a college education and didn’t graduate from high school.
He had a GED and worked at a pharmaceutical plant stuffing pills into bottles.

At night, he participated in online hacker competitions and outperformed others, Dugle said.

“That person would have not gotten through the normal Raytheon recruiting process,” she said.

Boeing hired Sims and Tam more than two years ago along with four other Cal Poly-Pomona
classmates, most of whom have since left for other cyber-security jobs.

Their world is full of colorful terms to describe lurking computer threats.

They try to stop “Trojan horses,” which enable a hacker to gain access to computers when people
click on dangerous links.

They try to squash “worms” that replicate, spread and corrupt computer files.

And they fight “logic bombs” that hide in computers and delete files at a specific time.

Cyber-security professionals have identified tens of thousands of threats aimed at Microsoft
Windows programs over the years. If Windows vulnerabilities are found on Boeing’s security system,
they fall under Tam’s purview to fix.

If one employee makes a mistake — forgetting to download a security update or clicking a
suspicious link — hackers may get all the access they need to cause trouble.

Boeing’s cyber-security workers need to know how to counter an attack so even if a virus is
launched it will not infect the system. They determine whether the newest, most harmful viruses —
which, when activated, may damage or delete files, cause erratic system behavior, display messages
or even erase data — would work on the system.

Sims and Tam stay current on hackers’ affairs by looking at what they’re saying in hacker chat
rooms. Then they take what they’ve learned to the lab environment.

Boeing’s cyber-security team can spend weeks prodding the system on a platform they designed
called “cyber range in a box” that simulates the Internet without actually going live on it. They
comb through the security system, seeing whether there are new ways to inject harmful code that
would change the database content or dump information like credit-card numbers or passwords to a
hacker.

In this controlled environment, the team can apply what they learn in real-world situations.